Archive for January 20, 2023

Friday, January 20, 2023

Twitter Makes It Official

Karissa Bell:

In case there was any doubt about Twitter’s intentions in cutting off the developers of third-party apps, the company has quietly updated its developer agreement to make clear that app makers are no longer permitted to create their own clients.

The “restrictions” section of Twitter’s developer agreement was updated Thursday with a clause banning “use or access the Licensed Materials to create or attempt to create a substitute or similar service or product to the Twitter Applications.”

I don’t understand what this means for API users such as NetNewsWire that are not trying to create their own client. What counts as a substitute?

Via John Gruber:

It’s better to put it in writing and make it official, but it just makes Twitter’s claim two days ago that these terms were “longstanding” all the more absurd.

Sean Heber (Hacker News):

But, as much as it pains us to say it, Twitterrific for iOS and macOS have now been removed from both App Stores. If you had a subscription on iOS, it will be automatically cancelled by the App Store.

Finally, if you were subscriber to Twitterrific for iOS, we would ask you to please consider not requesting a refund from Apple. The loss of ongoing, recurring revenue from Twitterrific is already going to hurt our business significantly, and any refunds will come directly out of our pockets – not Twitter’s and not Apple’s.

Tapbots (Hacker News):

While it is time for us to lay it to rest, a new bot will rise in its place and be greater than Tweetbot ever was. Built on an open and free platform, we are proud to introduce Ivory for Mastodon. We have taken everything great about Tweetbot and used it as the starting point for the future of Ivory. We have great plans to make Ivory better than Tweetbot ever could be.

See also: The Talk Show.


Update (2023-01-25): Paul Haddad:

A batch of the smaller Twitter 3rd party clients has been banned over the last couple of days. I just can’t tell if they are doing it this way because they are trying to maximize FUD and minimize outrage. Or if they don’t have anyone left who knows how stuff works and are just doing searches for “xyz still works” and then blocking.

Update (2023-05-29): Andrew Logan:

Amir Shevat, Twitter’s former head of product for the developer platform, who lives in Round Rock, was responsible for ensuring that the tools Twitter provided independent software developers using the platform met their needs. He said about 17 percent of engagement on Twitter, historically, was through third-party apps, which played a vital role in defining Twitter’s identity.


A few days after Tweetbot and other third-party clients stopped working, Twitter retroactively updated its developer agreement with language that banned third-party clients. (When Texas Monthly reached out to Twitter via email for an interview on this story, Twitter replied with a poop emoji.) Experts speculate Musk killed third-party clients because they don’t contribute to ad revenue, which has declined as much as 89 percent since Musk purchased the company, according to Bloomberg.

John Gruber:

Obviously the overwhelming number of Twitter users only ever used Twitter’s own first-party clients. The reason third-party clients were so important to Twitter, though, is that Twitter power users were drawn to them.

Matt Birchler:

17% is actually much higher than I expected, especially after years of seeing many people dismiss third party apps as effectively just something that like 100 nerds used but don’t actually matter.

Photos Workbench 1.0

Houdah Software:

Photos Workbench works with Apple Photos to help you organize, name, and compare your photos.


Batch change titles. Give your photos descriptive names


One-click apply keywords using keyword palettes


Photos Workbench has a large map that makes adding location information to your photos easy.


Identifying Phishing

Adam Engst:

In the past, many phishing attempts were obviously fake, and intentionally so. That’s because they only had to sucker people who were sufficiently inexperienced, credulous, or easily deceived that they would continue to go along with the scam. Now, however, I’m seeing phishing attempts that are more sophisticated and harder to identify quickly.

I’ve been examining phishing attempts for so long that it’s hard for me to imagine what might fool someone else, so I wanted to share some recent attempts that slipped past Gmail’s filters. For each message, I’ve called out some of the ways I identified it as phishing.

Local iOS Backups Repeatedly Prompt for Passcode

Adam Engst:

Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. And it works: Apple’s new approach prevents the backups from being directed to an unprotected location unless an attacker knows your device’s passcode. If they know the passcode, there’s far worse that they could do with your iPhone or iPad and the data stored on it.

Unfortunately, Apple’s solution is particularly ham-handed because it adds a non-trivial step to every USB or Wi-Fi connection attempt by every iOS/iPadOS user who backs up or syncs locally.

Update (2023-01-21): See also: Hacker News.